I think it is a good security practice to tie an app to the app's backend.
2013/12/11 Josh Soref
> Ian wrote:
> > There was some talk on the list a couple months ago about this -- not for
> > file-transfer specifically,
> > but the general idea of supporting custom
> certificates, or CAs in Cor
Ian wrote:
> There was some talk on the list a couple months ago about this -- not for
> file-transfer specifically,
> but the general idea of supporting custom
certificates, or CAs in Cordova.
This came up yesterday in the office.
> I think that, after a number of emails, we concluded that for
Actually this is not only for enterprise apps.
The way I implemented the first version is so that _only_ this cert is
trusted but no other.
If you have an app talking to your backend you might want to pin the SSL
connection to certs shipped with the app.
If you renew the cert you would add the new
Yeah, plugins should be able to have resource files. might be a
better tag name.
I actually like the idea of app-level self-signed certs. For many, putting
certs on device is too much trouble to be feasible. If you're building an
enterprise app, putting the cert in your app makes sense.
Would be
On Wed, Dec 11, 2013 at 9:36 AM, Ian Clelland wrote:
> As to the other question, for adding arbitrary resources, the best route
> would probably be to create a plugin that ships with the application, that
> includes that file. Plugins should have the ability to place arbitrary
> files, while I thi
There was some talk on the list a couple months ago about this -- not for
file-transfer specifically, but the general idea of supporting custom
certificates, or CAs in Cordova.
I think that, after a number of emails, we concluded that for users who
have legitimate custom certificate requirements,
